Data is communicated in computerized systems in data packets. Data packets communicated in the system may need to be checked for various reasons. For example, some of the packets can be malicious, and can cause various degrees of harm to a recipient who receives and processes such a packet. The harm can be from a minor nuisance to serious security and/or financial risks. Therefore, various ways to detect suspicious packets before they are processed further by a recipient have been developed.
Replay attacks are one form of malicious activities taking place e.g. in the Internet. In a replay attack a data transmission from a source to a destination is maliciously or fraudulently repeated or delayed. It is an attempt to subvert security by someone who repeats communication of packets, for example, in order to impersonate a valid user, and to disrupt or cause negative impact for legitimate connections. A particular example of these is a denial-of-service (DoS) attack.
Anti-replay methods have been developed to address replay attacks. An example of an attempt to standardize anti-replay is the anti-replay service of IPsec (Internet Protocol Security). IPsec is a protocol suite for securing Internet Protocol (IP) as standardized by the Internet Engineering Task Force (IETF). Anti-replay aims to prevent attackers from injecting packets in communications from source to destination. Anti-replay can be implemented by means of using a unique packet sequence number series per unidirectional security association (SA) established between two nodes of a network. Once a secure connection is established, the anti-replay protocol uses a packet sequence number or a counter to verify the legitimacy of the transmission. When the source sends a message, it adds a sequence number to the packet and increments the sequence number every time it sends another message. The destination receives the message and keeps a history of the sequence numbers and determines the possibility of an attack based on a comparison of the sequence numbers.
Implementation of anti-replay protection requires maintaining a ‘global’ lower bound of a window for any given SA. If a message has a lower or equal number than the previous message or if the message is below the lower bound, the packet is dropped as suspicious. If the number is larger than the previous one, it is kept and the number thereof is shifted to be the new number and so forth.
Anti-replay protection can be provided for example is association with Encapsulating Security Payload (ESP) operation. The ESP is a member of the Internet Protocol Security (IPsec) protocol suite where it is used to provide origin authenticity, integrity and confidentiality protection of data packets. A security parameter index (SPI) is used to identify the unidirectional SA, the sequence number being then in the next field of ESP packet header.
Anti-replay protection can cause a bottleneck, especially if parallelization of packet decapsulation is provided. This can occur e.g. in keyed-hash message authentication code (HMAC) checking and decryption. HMAC is a specific construction for calculating a message authentication code (MAC) involving a cryptographic hash function in combination with a secret cryptographic key. Even if several cores are provided for parallel processing of the packets, the anti-replay check is based on a window where the packets are checked one at the time whilst the other packets are “locked”. This bottleneck can considerably slow down processing of the received packets.
It is noted that the above discussed issues are not limited to any particular system and data processing apparatus but may occur in any system where replacement of keys may be needed.
Embodiments of the invention aim to address one or several of the above issues.